VYPR

rpm package

opensuse/uftpd&distro=openSUSE Leap 15.1

pkg:rpm/opensuse/uftpd&distro=openSUSE%20Leap%2015.1

Vulnerabilities (2)

  • CVE-2020-14149Jun 15, 2020
    affected < 2.12-lp151.2.6.1fixed 2.12-lp151.2.6.1

    In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provided by the user, causing a NULL pointer dereference and denial of service, as demonstrated by a CWD /.. command.

  • CVE-2020-5204Jan 6, 2020
    affected < 2.11-lp151.2.3.1fixed 2.11-lp151.2.3.1

    In uftpd before 2.11, there is a buffer overflow vulnerability in handle_PORT in ftpcmd.c that is caused by a buffer that is 16 bytes large being filled via sprintf() with user input based on the format specifier string %d.%d.%d.%d. The 16 byte size is correct for valid IPv4 addr